<?php
include("../mysql_connect.php");
include("../error/upload.php");

$xml = simplexml_load_file('php://input');

//$xml = simplexml_load_file('updateMyBoard.xml');

//XML Parse AccountInfo
foreach( $xml->attributes( ) as $attr)
{
	$AttrArray[] = $attr;
}
$UserName = $AttrArray[0];
$Level = $AttrArray[1];
$Name = $AttrArray[2];
$Organization = $AttrArray[3];

//XML Parse Board
foreach( $xml->children() as $Board)
{
	foreach( $Board->attributes( ) as $attr)
		$Array_Board[] = (string)$attr; 
}
$Storyboard_id = $Array_Board[0];
$Action = $Array_Board[1];

$strSqlCommand = "SELECT idUSER, Name, Level, Organization, Default_Channel
							FROM user
							WHERE Email = '".$UserName."'";
							
$result = mysql_query($strSqlCommand);
$rowUserInfo = @mysql_fetch_array($result);

if ($Action=='Insert') {
	
	//XML Parse Media
	foreach( $Board->children() as $Media) {
		foreach( $Media->attributes( ) as $attr) {
			$strSqlCommand = "INSERT INTO spot_user_sb_m (STORYBOARD_idSTORYBOARD, MEDIA_idMEDIA, USER_idUSER, Shared) VALUES ('".$Storyboard_id."','".$attr[0]."','".$rowUserInfo['idUSER']."','0')";
			if (!mysql_query($strSqlCommand)) {
				echo "<Error Message=\"The requested Information was not found\" Domain=\"Configuration\" />";
				saveError("InsertDetailMyBoard", $UserName, date("Y-m-d H:i:s"), "The requested Information was not found");
				return;
			}
 		}
	}
}
else if ($Action=='Delete') {
	
	foreach( $Board->children() as $Media) {
		foreach( $Media->attributes( ) as $attr) {
			//Delete only one.
			$strSqlCommand = "DELETE FROM spot_user_sb_m WHERE STORYBOARD_idSTORYBOARD = '".$Storyboard_id."' and MEDIA_idMEDIA = '".$attr[0]."' and USER_idUSER = '".$rowUserInfo['idUSER']."' LIMIT 1";
		
			if (!mysql_query($strSqlCommand)) {
				 echo "<Error Message=\"The requested Information was not found\" Domain=\"Configuration\" />";
				 saveError("DeleteDetailMyBoard", $UserName, date("Y-m-d H:i:s"), "The requested Information was not found");
				 return;
 			}
		}
		
	}
}

echo "<Success Message=\"The requested Information was accepted\" Domain=\"Configuration\" />";

//mysql_close($db_server, $db_user, $db_passwd);
?>
